000019130 - User can one time get passcode accepted  ACE/Server log shows passcode accepted  and Node Secret sent to client. The next time the user tests or attempts to use the client they get access denied.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019130
Applies ToMicrosoft Windows 2000
Microsoft Windows NT 4.0
RSA ACE/Agent
IssueUser can one time get passcode accepted, ACE/Server log shows passcode accepted, and Node Secret sent to client. The next time the user tests or attempts to use the client they get access denied.
Can't write node secret to ACE/Agent host
Error: "Node verification failed" in ACE/Server logs
ACE/Server log shows Node Secret sent to client but the Client or Agent host does not have a node secret file or key in the registry. With ACE/Agent 4.4 and newer versions the node secret is a value written in the registry.
CauseThis could be a user rights issue, the user may not have rights to write to Winnt\System32 or the Registry on this computer. With ACE/Agent 4.3 and earlier versions the node secret is a file written to the system32 folder..
ResolutionThe Registry should have the following rights on HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\ACECLIENT >> Everyone Special Access {{Query Value, Set Value, Create Subkey, Enumerate Subkeys, Delete, Read Control}}
To check or set these rights, regedt32 must be used.
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the ?Changing Keys and Values? Help topic in Registry Editor (Regedit.exe) or the ?Add and Delete Information in the Registry? and ?Edit Registry Data? Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).
The Folder Winnt\system32 Should have the following rights:
Administrators                  (all) (all)
CREATOR OWNER          (all) (all)
Everyone                         (rx) (rx)
System Full Control          (all) (all)
If this system has WebID running these rights also would be needed:
IUSR_machinename (internet Guest Acct)            (rx) (rx)
IWAM_machinename (Web Application...)          (rx) (rx)
Legacy Article IDa6362

Attachments

    Outcomes